Related Tips & Info

Reading the LDAP 'networkAddress' Attribute of a Server or User Object

MigrationDeletedUser
0 Likes
A perl script to read the LDAP 'networkAddress' attribute of a server or user object from an eDirectory LDAP server and get the TCP/IP address in decimal dot notation.

The network address attribute when read via LDAP is in the form-
LDAP Format, String:
taggedData = uint32String "#" octetstring
byte 0 = uint32String = Address Type: eg. 1 = IP Address (user); 9 = TCP Address (server)
byte 1 = char = "#" - separator
byte 2 = octetstring - the ordinal value of the address

The following instructions assume that you have a working LDAP server and Perl installed with the Net::LDAP module http://ldap.perl.org/ . Of course, the LDAP 'networkAddress' attribute must be visible for your LDAP proxy user.

This script can be used a command line tool or called from another script by passing the following arguments:
- LDAP server qualified DNS name or IP address
- Base OU for the LDAP search, o=myorg
- CN of the object look up the IP address of, username or server name
In that order! eg:
netaddr.pl (ldap server) (base dn) (object)

Labels:

Collateral
Comment List
Anonymous
  • Next you will find my own function that helps me to convert the base64 coded networkAddress in awk scripts. The output of this function presents only the IP address in a dotted decimal format . I hope it can help. It was written for a french company.


    function decode(chaine){

    # Cette fonction est limitee a la conversion des netAddress IP des serveurs
    # Novell stockees dans la base eDirectory en format Base64.
    # Nous ne tenons pas compte ici des 4 premiers octets recuperes, qui precise
    # le port (NCP) et le transport (UDP, TCP, IP) qui importe peu dans cette procedure.

    BASE64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

    resultat = ""
    nextPosDec = 1

    while (length(chaine) > 0){
    # recuperation par groupe de 4 codes Base64
    for (pos=1; pos
    # Transcription du code en valeur numerique selon Base64
    for (pos=1; pos
    numCode[pos] = index(BASE64,code[pos]) - 1
    if (numCode[pos]
    }
    # Transcription des 4 codes (6 bits) en 3 octets (8 bits) valeurs
    # decimales
    octetDec[nextPosDec + 2] = (numCode[3] % 4) * 64 + numCode[4]
    octetDec[nextPosDec + 1] = (numCode[2] % 16) * 16 + int(numCode[3] / 4)
    octetDec[nextPosDec] = (numCode[1] * 4) + int(numCode[2] / 16)

    nextPosDec += 3

    chaine = substr(chaine, 5)
    }

    resultat = octetDec[5] "." octetDec[6] "." octetDec[7] "." octetDec[8]

    return resultat
    }

  • Hi, I would like to know if is there a way to provide the inverse value, I mean, I got the IP address, and I wanna compare with the value into networkAddress to see if the IP being passed to me matches with the one into NDS.

    Is that possible?

    Thanks!
  • in reply to MigrationDeletedUser
    Thanks for the C# example, works like a charm!

  • This took me a good while to figure out, so I hope that the community finds it useful. Please feel free to e-mail me if you have comments or suggestions...



    // with a connected and bound ldap connection ldapConn...

    LdapEntry server = ldapConn.Read(serverDN); // find server in tree

    // retrieve and decode the server's network address

    LdapAttribute serverNetAddr = server.getAttribute("networkaddress");

    // loop through the multivalued networkaddress field
    foreach(sbyte[] addrBytes in serverNetAddr.ByteValueArray) {

       // get the first character in the line which indicates type
       char type = (char)addrBytes[0];

       if(type == '9') { // only interested in TCP address
           string serverTCPAddr = "";
           for(int i=(addrBytes.Length-4); i<addrBytes.Length; i++) { // last four bytes are the ip address
          byte b = unchecked((byte)addrBytes[i]); // convert sbyte to byte
             serverTCPAddr = serverTCPAddr + b; // append value to string
             if(i>0 && i<(addrBytes.Length - 1))
             serverTCPAddr = serverTCPAddr + "."; // brute force the dots
        }

      }

    }
  • $addr = "";
    $addrtype = intval(substr($networkaddress, 0, 1));

    // throw away bytes 0 and 1 which should be the addrtype and the "#" separator
    $networkaddress = substr($networkaddress, 2);

    $addrtypes = array('IPX', 'IP', 'SDLC', 'Token Ring', 'OSI', 'AppleTalk', 'NetBEUI', 'Socket', 'UDP', 'TCP', 'UDP6', 'TCP6', 'Reserved (12)', 'URL', 'Count');

    $len = strlen($networkaddress);

    if ($len > 0) {
    for ($i=0; $i
    $byte = substr($networkaddress, $i, 1);
    $addr .= ord($byte);

    if ($addrtype == 1){ // dot separate IP addresses...
    $addr .= ".";
    }
    }

    if ($addrtype == 1) {
    // strip last period from end of $addr
    $addr = substr($addr, 0, strlen($addr)-1);
    }
    }
    else {
    $addr .= "address not available.";
    }

    printf($addrtypes[$addrtype] . ": " . $addr);
Related Discussions
Recommended

Resources

Support
Documentation
Training
CyberRes Academy
Partner Portal
Contact us
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
How To Buy
Careers
Investor Relations
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.